HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   HOWTO-Related Questions (http://www.howtoforge.com/forums/forumdisplay.php?f=2)
-   -   Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Debian Lenny (http://www.howtoforge.com/forums/showthread.php?t=35439)

warpengi 25th May 2009 03:46

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Debian Lenny
 
I'm concerned that my implementation of this server has become compromised. I first noticed that some of my emails were not getting through. I'm not getting any bounces but the emails do not appear to arrive at their destination. In researching this I found that emails sent through my ISP's smtp server arrive at their destination but emails sent throuhg my smtp server may or may not. My ISP does not block outbound port 25.

1. How do I find out if my IP or an IP range at my ISP has been blscklisted?
2. How do I determine if my smtp server is acting as a relay for spam?
3. how can I determine why my emails are not arriving at their destination?
4. What can I read to understand the sometimes cryptic data in my mail log files?
5. What is the meaning of the log data below and why are all those connections timing out?

Any help with these questions would be greatly appreciated

Looking at my mail.info and mail.log files I have several thousand lines of activity for one day only and I have only 3 accounts on this server all used by me. I only send about 2-3 emails per day on average.

The following is a typical minute of activity from mail.log:

May 24 07:37:02 debmail postfix/smtp[21779]: connect to server117.appriver.com[207.97.242.5]:25: Connection timed out
May 24 07:37:02 debmail postfix/smtp[21779]: 1BF504413F: to=<k_elliec@gazellesports.com>, relay=none, delay=426929, delays=426869/0.04/60/0, dsn=4.4.1, status=deferred (connect to server117.appriver.com[207.97.242.5]:25: Connection timed out)
May 24 07:37:02 debmail amavis[21631]: (21631-04) Blocked SPAM, [95.133.160.207] [95.133.160.207] <gadaarghbef@aargh.ca> -> <gadaarghbef@aargh.ca>, quarantine: C/spam-CkuQK7gyXfT6.gz, Message-ID: <20090524143648.9E2B54414B@debmail.aargh.ca>, mail_id: CkuQK7gyXfT6, Hits: 21.473, size: 5062, 12048 ms
May 24 07:37:02 debmail postfix/smtp[21794]: 9E2B54414B: to=<gadaarghbef@aargh.ca>, relay=127.0.0.1[127.0.0.1]:10024, delay=15, delays=2.7/0/0/12, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=21631-04, DISCARD(bounce.suppressed))
May 24 07:37:02 debmail postfix/qmgr[10829]: 9E2B54414B: removed
May 24 07:37:07 debmail postfix/smtp[21780]: connect to idcmail.shaw.ca[24.71.223.11]:25: Connection timed out
May 24 07:37:07 debmail postfix/smtp[21786]: connect to mx.hdeshop.com[66.96.142.50]:25: Connection timed out
May 24 07:37:07 debmail postfix/smtp[21783]: connect to sodemann.com.inbound15.mxlogic.net[208.65.144.13]:25: Connection timed out
May 24 07:37:12 debmail postfix/smtp[21785]: connect to mailstore1.secureserver.net[64.202.166.11]:25: Connection timed out
May 24 07:37:12 debmail postfix/smtp[21785]: 6A8B54415E: to=<dapperse811@usahvds.com>, relay=none, delay=206306, delays=206236/0.07/70/0, dsn=4.4.1, status=deferred (connect to mailstore1.secureserver.net[64.202.166.11]:25: Connection timed out)
May 24 07:37:12 debmail postfix/smtp[21782]: connect to eforwardct2.name-services.com[65.74.168.218]:25: Connection timed out
May 24 07:37:12 debmail postfix/smtp[21782]: 7E59144127: to=<proteani7@yourstoredot.com>, relay=none, delay=435377, delays=435307/0.06/70/0, dsn=4.4.1, status=deferred (connect to eforwardct2.name-services.com[65.74.168.218]:25: Connection timed out)
May 24 07:37:12 debmail postfix/qmgr[10829]: 7E59144127: from=<>, status=expired, returned to sender
May 24 07:37:12 debmail postfix/qmgr[10829]: 7E59144127: removed
May 24 07:37:12 debmail postfix/smtp[21781]: connect to vmx.madriver.com.redcondor.net[65.19.91.88]:25: Connection timed out
May 24 07:37:37 debmail postfix/smtp[21780]: connect to idcmail-mx1so.cg.shawcable.net[24.71.223.11]:25: Connection timed out
May 24 07:37:37 debmail postfix/smtp[21786]: connect to mx.hdeshop.com[66.96.142.51]:25: Connection timed out
May 24 07:37:37 debmail postfix/smtp[21783]: connect to sodemann.com.inbound15.mxlogicmx.net[208.65.145.12]:25: Connection timed out
May 24 07:37:37 debmail postfix/smtp[21786]: 33E614416D: to=<support@hdeshop.com>, relay=none, delay=385002, delays=384907/0.08/95/0, dsn=4.4.1, status=deferred (connect to mx.hdeshop.com[66.96.142.51]:25: Connection timed out)
May 24 07:37:42 debmail postfix/smtp[21781]: connect to vmx.madriver.com.redcondor.net[65.19.91.87]:25: Connection timed out

falko 25th May 2009 13:11

Quote:

Originally Posted by warpengi (Post 190215)
1. How do I find out if my IP or an IP range at my ISP has been blscklisted?

Go to http://mxtoolbox.com/blacklists.aspx

warpengi 26th May 2009 00:49

Quote:

Originally Posted by falko (Post 190285)

well that seems to be the problem. I'm on somebodies blacklist. Well, a range of IP addresses at my ISP are blacklisted and I'm within that range:(

Thanks for the link:cool:


All times are GMT +2. The time now is 18:02.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.